Solidity Audit Precheck
Author: samledger67-dotcom · v1.0.1 · MIT-0
Total downloads: 309 · Favorites: 0 · Current installs: 1 · Versions: 9
Install in OpenClaw
/install solidity-audit-precheck
Description
Automated pre-audit checklist for Solidity smart contracts. Runs SWC registry scan, OpenZeppelin pattern validation, gas optimization suggestions, and common...
Security usage advice
This skill appears to do what it advertises: run local static analysis, linting, and AST checks on Solidity code. Before installing or following its install commands:
1) inspect the remote installer (foundry.paradigm.xyz) before running curl | bash and prefer platform packages or pinned installers where possible;
2) install Python/Node/Rust tools in isolated environments (virtualenv, nvm, cargo home) or CI containers to limit system impact;
3) pin tool versions to ensure reproducible results;
4) don't provide any secrets—the skill does not request them and they are unnecessary;
5) treat automated checks as a pre-filter only and still obtain a manual audit for production deployments.
If you want higher assurance, ask the author for a signed, versioned install manifest or prefer installing tools from your organization's approved package sources.
Functional analysis
Type: OpenClaw Skill
Name: solidity-audit-precheck
Version: 1.0.1
The skill provides a comprehensive workflow for auditing Solidity contracts using legitimate security tools like Slither, Mythril, and Foundry. However, it requires high-risk system operations in SKILL.md, including installing multiple packages via pip, npm, and cargo, and executing a 'curl|bash' command from foundry.paradigm.xyz. While these actions are plausibly needed for the stated purpose of setting up a security toolchain, the requirement for broad shell access and third-party binary execution on the host system meets the threshold for a suspicious classification.
Capability assessment
Purpose & Capability
Name and description (Solidity pre-audit checklist) match the instructions: static analysis (Slither, Mythril), linting (Solhint), AST analysis (Aderyn), and Foundry workflows are all expected for this purpose. No unrelated capabilities or credentials are requested.
Instruction Scope
SKILL.md explicitly instructs the agent/operator to enumerate contract files, run analyzers, and inspect project config files (foundry.toml, remappings, package.json). Those actions are within the stated scope and do not ask the agent to read unrelated system files or exfiltrate data.
Install Mechanism
The skill recommends installing multiple third‑party tools via pip, npm, cargo, and a curl | bash installer for Foundry. These install methods are common for dev tooling but carry higher risk (especially the remote install script). The instructions do not bundle or pin specific release artifacts within the skill itself.
Credentials
No environment variables, credentials, or config paths are required by the skill. The operations described act on the local codebase only, which is appropriate for a pre-audit checklist.
Persistence & Privilege
Skill does not request always-on presence and does not instruct modifying other skills or global agent configuration. Autonomous invocation is allowed by default but not combined with elevated privileges or secret access.
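How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install solidity-audit-precheck
- Once installation completes, invoke the Skill by name or trigger it with /solidity-audit-precheck
- Provide the required inputs according to the Skill's parameter description to get structured output.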
Version history
v1.0.1
Proper name and description (was published as TEST)
v9.9.9
test
v0.0.1
Initial release.
- Provides an automated pre-audit checklist for Solidity smart contracts.
- Guides users through SWC registry scan, OpenZeppelin pattern validation, gas optimization suggestions, and vulnerability detection.
- Includes detailed guidance on using Slither, Mythril, Solhint, Aderyn, and Foundry.
- Contains manual and automated steps for pattern validation and gas efficiency.
- Designed to reduce audit costs and catch common issues before manual review.
v98.0.0
probe
v99.0.1
Corrected publish — restoring proper name
v99.0.0
test
v0.0.0-check
No changes detected in this version.
- No file or content changes were made compared to the previous version.
v0.0.0-probe
- Initial probe release; no code or documentation changes detected.
- Version and skill metadata remain at 1.0.0.
- All instructions and pre-audit checklists are unchanged.
v1.0.0
Initial release: Automated pre-audit checklist, SWC registry scan, OpenZeppelin pattern validation, gas optimization, common vulnerability detection
FAQ
What is Solidity Audit Precheck?
Automated pre-audit checklist for Solidity smart contracts. Runs SWC registry scan, OpenZeppelin pattern validation, gas optimization suggestions, and common... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 309 total downloads so far.
How do I install Solidity Audit Precheck?
Run the command "/install solidity-audit-precheck" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Solidity Audit Precheck free?
Yes. Solidity Audit Precheck is completely free and released under the MIT-0 license; it can be downloaded, installed and used freely.
Which platforms does Solidity Audit Precheck support?
Solidity Audit Precheck is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Solidity Audit Precheck?
It is developed and maintained by samledger67-dotcom (@samledger67-dotcom); the current version is v1.0.1.